Vulnerabilities
Vulnerable Software
Growatt:  Security Vulnerabilities
Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An attacker can upload an arbitrary file instead of a plant image.
CVSS Score
9.3
EPSS Score
0.002
Published
2025-04-15
Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off).
CVSS Score
6.9
EPSS Score
0.006
Published
2025-04-15
Unauthenticated attackers can query an API endpoint and get device details.
CVSS Score
6.9
EPSS Score
0.005
Published
2025-04-15
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Unauthenticated attackers can rename "rooms" of arbitrary users.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15


Contact Us

Shodan ® - All rights reserved